The U.S. Copyright Office is making changes to the Digital Millennium Copyright Act (DMCA) safe harbor agent registration process. The changes impact both new online service providers as well as existing online service providers who have already registered an agent. Read on for details about what you will need to do.

What do I need to know about the new DMCA agent registration system?

In order to qualify for DMCA safe harbor protections, you must designate an agent to receive notifications of claimed infringement under the DMCA using the Copyright Office’s new electronic system by December 31, 2017. Section 512 of the DMCA provides safe harbors to shield online service providers from certain claims for copyright infringement based on user generated content transmitted, cached, stored, referred, or linked on their website, app, or other online service.

What if you previously registered a DMCA agent using the old paper system prior to December 1, 2016?

You must re-register using the new electronic system by December 31, 2017.

What else is new?

Under the new DMCA regulations, DMCA agent registrations are no longer perpetual – you must renew your registration every three years.

Do you really need to worry about this?

Yes, you should take action if:

You previously registered a DMCA agent using the old paper system prior to December 1, 2016;

You have a DMCA take-down policy in the Terms of Service for your online service; and/or

Your online service stores, transmits, caches, refers, or links content generated by users, including websites that allow users to post, upload, or display text, photos, videos, audio, etc. If users can upload any content to your website, app, or other online service, you are an “online service provider” under the DMCA and should protect yourself with DMCA safe harbor.

Do you need to make any changes to your Terms of Service?

This is a good opportunity to review and update your Terms of Service, especially if you have not done so in the last two or three years.

For the time being, decertification is a solely U.S. issue. Under the Iran nuclear agreement (known as the Joint Comprehensive Plan of Action, or JCPOA), Iran agreed to limits on its nuclear program in exchange for relief from U.S. and UN sanctions. Soon after the JCPOA was signed, the U.S. Congress passed the Iran Nuclear Agreement Review Act (INARA). That law requires the president to certify to Congress every 90 days that Iran is meeting the terms of the nuclear agreement and that continuing to waive sanctions on Iran is vital to the security interests of the United States. President Trump has stated that on October 15, he will decertify Iran under INARA on the grounds that continuing to waive sanctions is not in the national security interests of the United States.

Will U.S. secondary sanctions be reinstated automatically?

U.S. sanctions that were lifted pursuant to the JCPOA will not be automatically reinstated upon decertification. The reinstatement of U.S. sanctions under INARA would require action from Congress. All the signatories of the JCPOA, and many in President Trump’s own cabinet, have expressed the desire to keep the JCPOA intact.

What will the U.S. Congress do in response?

Much speculation surrounds how Congress will respond, but the basic choice is whether to re-impose sanctions against Iran or not.

The sanctions option would be relatively simple: the INARA contains language for a bill to reinstate U.S. sanctions against Iran, as well as against non-U.S. persons dealing with Iran. That bill would effectively restore U.S. Iran sanctions to the very aggressive program that was in place before the nuclear agreement went into effect in January 2016.

The INARA sets a deadline of 60 days after decertification for Congress to reimpose Iran sanctions. Congress could let that period lapse, and do nothing in response to the decertification. That would leave JCPOA sanctions relief in place for the time being. But it would also leave in place the provision requiring the President to certify Iran every 90 days. In that case, President Trump would face the choice in January of whether to decertify again, or to change his mind – neither of which would be politically comfortable for the President. For that reason, President Trump has requested that Congress amend INARA to lift the certification requirement. If that happens, U.S. sanctions relief would remain in place, and the President would be relieved of the irritant of the certification requirement.

Will UN sanctions be reinstated?

UN sanctions against Iran would not be reinstated as a result of decertification. Implementation of the nuclear agreement included not only suspension of U.S. sanctions, but also those imposed by the United Nations. The UN Security Council endorsed the JCPOA. And the International Atomic Energy Agency, a UN body, has determined that that Iran is in compliance with the deal to date. For those reasons, there is no indication that the UN (or any of its member states) will reinstitute sanctions against Iran as a result of President Trump’s decertification.

What would the reimplementation of pre-2016 U.S. sanctions look like?

Prior to the JCPOA, the United States maintained a series of secondary sanctions, meaning that non-U.S. entities, particularly banks, could be sanctioned for certain transactions with Iran. It is likely that non-U.S. banks would be the primary target of reimplemented sanctions because impeding the use of global financial systems has been one of the most effective means of isolating Iran.

If those sanctions were reimposed, non-U.S. persons could be subject to U.S. sanctions, including a sanction prohibiting non-U.S. banks from using U.S. correspondent or payable-through accounts to process U.S. dollar transactions, for certain transactions with Iran. Re-instatement of the pre-2016 sanctions would subject the following transactions to penalties, even if they occur outside the United States and even if they are conducted by non-U.S. persons:

A bank conducting transactions with the Central Bank of Iran (CBI) and most other Iranian financial institutions;

A bank engaging in significant transactions related to the Iranian Rial or providing U.S. banknotes to the Iranian government;

A bank providing financial messaging services to CBI or other Iranian banks;

Any non-U.S. entity engaging in significant financial transactions in the energy, shipping, or automotive sectors; and

Any non-U.S entity purchasing, subscribing, or facilitating the issuance of Iranian sovereign debt, including government bonds.

All non-U.S. subsidiaries of U.S. companies would be required to cease transactions with Iran.

How will the other parties to the JCPOA respond?

If Congress reimplements pre-2016 sanctions against Iran, the United States will likely be considered in breach of the JCPOA. The JCPOA’s “snapback” provision permits Iran to re-start its nuclear weapons program and automatically reinstitutes EU sanctions on Iran.

The other parties to the JCPOA may wish to develop a solution to continue waiving UN and EU sanctions, in the effort to maintain the limits on Iran’s nuclear program. However, if the U.S. sanctions are reinstated, particularly those secondary sanctions against banks, non-U.S. Iran business would be significantly impeded, and Iran would have little incentive to uphold its end of the JCPOA.

What should I be doing now to prepare for the coming changes?

As we reported here the threat of an end to the JCPOA is real, even though the October 15 decertification may not cause it automatically. Any non-U.S. company (and any non-U.S. subsidiary of a U.S. company) that is doing or contemplating business in Iran should have a ripcord option. We will continue to update our clients on the latest changes from Washington, but companies must be prepared for a return, possibly a sudden return, to the stringent financial restrictions on Iran business that were in place two years ago.

CFIUS has the power to unwind your M&A deal. That power will likely expand. That is the headline.

The Committee on Foreign Investment in the United States (CFIUS) reviews acquisitions by foreign parties of “critical industries” and “critical infrastructure” in the United States. The inter-agency committee’s actions warrant plenty of explanation, and you can find much of it here.

However, the critical note for the purposes of this article is that CFIUS has the power to review certain purchases of U.S. assets by foreign companies. CFIUS has some discretion in the transactions it chooses to review. Although the Committee chooses a variety of deals to examine, it takes a particular interest in purchases by companies owned or controlled by China or Chinese persons.

China was a favorite target of tough talk from the Trump campaign. However, the risk of starting a trade war with the United States’ largest goods trading partner ($598 billion in 2015) may require the Trump administration to find means of exerting economic pressure on China without coming to economic blows.

Why CFIUS

Because CFIUS already scrutinizes numerous transactions out of China, it could serve as an ideal vessel for restricting Chinese entry into the U.S. economy and underlining the Trump Administration’s tough stance against China. The Administration could achieve two stated goals by broadening CFIUS’s scope of review or heightening its scrutiny of foreign investments:

1) The Administration could put a subtle squeeze on Chinese investors, creating a bargaining chip to negotiate better behavior from China on trade issues; and

2) The Administration could tout the changes as an act in furtherance of its protectionist agenda.

Recent comments from Peter Navarro, the head of the Administration’s National Trade Counsel are consistent with the possible use of CFIUS to push back against foreign investment. Mr. Navarro stated:

Suppose instead that it is not a benign ally buying up our companies,our technologies, our farmland and our food supply chain, and ultimately
controlling much of our industrial base. Rather it is a rapidly militarizing
strategic rival intent on hegemony in Asia and perhaps world hegemony.”

Mr. Navarro added,

“We have already begun to lose control of our food supply chain.”

That last line may or may not be consistent with actual economic conditions. However, it appears to clearly signal the Administration’s position that more than just the defense and infrastructure sectors of the U.S. economy require protection from foreign investment. We believe the most likely shield the Administration could use is the powers of CFIUS.

Possible Expansion of CFIUS

What if all Chinese investment in the U.S. had to be reviewed by CFIUS? President Trump could expand CFIUS’s reach or direct its scrutiny through an executive order. Because there have been calls from both sides of the aisle to expand CFIUS’s mandate, such an order would likely face less resistance than other points of the Trump Administration’s agenda. Additionally, because CFIUS’s decisions are not reviewable by a court, the Committee’s actions pursuant to a presidential order would also be difficult to challenge.

Will An Expansion of CFIUS Affect Your Company?

Generally, CFIUS has decided to review foreign investment in security, infrastructure, and critical energy projects. However, a congressional commission charged with an economic security review of U.S.-China relations reported that outsourcing to China poses substantive threats to U.S. security with respect to the following:

food supply;

biotechnology;

pharmaceutical products:

critical technology; and even

labor and employment conditions.

The Commission recommended restrictions on Chinese acquisitions of U.S. companies as well as a blanket CFIUS investigation requirement for any acquisition by a state-owned enterprise. The Commission cited Chinese restrictions on U.S. investments in China as grounds for implementing the expansion of CFIUS’s mandate.

Forward planning companies should understand how that will affect the U.S. economy overall and their own businesses in particular. Then they should have a plan in place for that exact eventuality.

The Takeaway: What Your Business Can Do To Prepare for Changes

If your business is in an industry that could be considered critical – and recall the expanding definition of critical discussed above – you may need to plan for more time and resources to bring in investment from outside the United States. If your business is investment or private equity, you may need to plan for the increasing difficulty of partnering with foreign, particularly Chinese, buyers to acquire critical assets in the United States or, conversely, plan for an advantage for U.S. investors in domestic industry. Companies that keep an eye on trends in CFIUS’s statements and actions will be able to navigate changes by moving ahead of them, rather than being caught unprepared and reacting to changes when it is more difficult, expensive, or even too late.

President Trump has stated that he would impose tariffs on imports from China ranging from ten to forty-five percent. Can he do it? And will it cause a trade war?

The Effects of Increased Tariffs

In the 18th Century, tariffs were considered a method of generating revenue and protecting domestic industry. The first U.S. customs duties were imposed in 1789, and were considered vital to the economic survival of the young nation. That mercantilist approach has since been overwhelmingly rejected by mainstream economists. Even by the time of the American Revolution, specialization and comparative advantage were being touted (including by Adam Smith, whose Wealth of Nations was published in 1776) as the true route to national prosperity.

Nevertheless, high import duties continue to have a place in modern trade policy. For example, the U.S. Department of Commerce regularly imposes antidumping duties to protect U.S. production of certain goods, from roller bearings to frozen crawfish. Those duties often cause the foreign manufacturers to withdraw from the U.S. market, which yields higher market share for the domestic companies. Of course, one criticism of this approach is that protecting a producer’s market increases the consumer’s prices. So picking winners isn’t always the best strategy for everyone.

But the threat to impose a high duty on all goods from a specific country would be a totally different kettle of crawfish. Would President Trump attempt to impose a broad new tariff on China? We think he will. He has so far shown a great willingness to buck conventional opinion in favor of bold policy initiatives (such as the successive executive orders on immigration). There is absolutely no reason to think he would avoid a China tariff just because Adam Smith would think it is a bad idea. We understand the Administration is currently researching multiple potential avenues to increase duties on Chinese imports. Those avenues could include the 1917 Trading with the Enemy Act, which President Nixon invoked in 1971 to impose a 10% surcharge on imported steel. The Nixon steel surcharge was implemented by Presidential proclamation, codified by a summary change to the tariff schedule, and upheld by the federal courts.

Other tools at the Administration’s disposal include the International Emergency Economic Powers Act of 1977 and the Trade Expansion Act of 1962. And President George W. Bush imposed steel tariffs in 2002 under the provisions of the Trade Act of 1974. According to an analysis by one of the world’s foremost free traders, these actions and more have been generally upheld by the U.S. courts.

But some of Mr. Trump’s critics suggested that his proposed tariffs may trigger a trade war. And everyone knows (well, almost everyone) that high tariffs imposed in 1930 triggered a trade war and deepened the Great Depression. Some think it contributed to the outbreak of WWII. So would a Trump Tariff of 2017 cause another trade war?

Trade War and the Great Depression

The Smoot-Hawley Tariff Act of 1930 imposed high new tariffs on over 890 imported goods. Trading partners imposed retaliatory tariffs, which spiraled upward into a global trade war. U.S. exports dramatically declined in the early 1930s. One recent analysis concludes that regardless of whether the Smoot-Hawley tariffs were the major cause of the Great Depression, “they definitely were a truly terrible idea. In today’s world where Central Banks have been pumping out liquidity and inflating stocks, similar to the case in the 1920s, we must hope that we don’t repeat the mistake of Smoot-Hawley.”

Enter the WTO

It is true that world liquidity and manufacturing capacity are high, and some consider the equities markets to be bubbling over. But one tool the world has that it did not have in 1930 was the World Trade Organization (WTO). China and the United States are both among the WTO’s 164 member states. One of the WTO’s goals is to avoid trade wars – in fact that is one of the central reasons it was set up in 1995.

All WTO members agree to afford all other members something called most-favored nation (MFN) treatment. The MFN principle obligates WTO members not to discriminate between trading partners by imposing higher duties against a single WTO member, except under very narrow circumstances. If they do impose WTO-inconsistent duties, there is a very deliberate series of procedures the offended member must take before retaliating. As a result, the WTO Agreement tends to slow down the process of escalating tariffs, and avert trade wars. Although a prevailing party can ultimately obtain WTO approval for imposing retaliatory tariffs, it can take years.

Will Tariffs Under President Trump Result In a Trade War With China?

The existence of the WTO drastically alters today’s stage from that of the era of the Great Depression. With a much slower retaliation cycle, even if the Trump Administration imposed a broad import duty on China, the prospect of an all-out trade war may is much more unlikely than in times past. Of course, it is also true that Mr. Trump could unilaterally withdraw from the WTO, as he threatened during the campaign to do if his trade policies with Mexico do not bear fruit. For now, we’re not taking him at his word on that. But if he is thwarted in his efforts to renegotiate NAFTA, we will revisit that assessment.

In the past, the Antitrust Division has used its “Frequently Asked Questions” piece to announce significant changes in the Amnesty Program. In November 2008, for example, they made mandatory an explicit admission of criminal wrongdoing. Before then, the applicant need only have reported “possible” criminal activity. FAQs, p.6, fn. 7

The Division’s January 17, 2017, edition makes two more very significant changes: (1) to obtain a marker, counsel must identify the client (FAQs, p.3) and (2) amnesty for executives is not guaranteed under the often-used Type B Leniency. In that situation, “…the Division has more discretion…”( FAQs, p. 22).

Both changes will give counsel and potential amnesty applicants pause. Before this revision, counsel need only have identified the client’s industry in enough detail for the Division to confirm that there were no prior markers pending. Certainly, counsel would not have applied for a marker even under the old standard without some significant investigation and serious if rapid reflection. Now counsel probably need to be fairly certain that they will perfect the marker and apply for Amnesty. Otherwise, counsel will simply have specifically identified a client as having some sort of significant issue. How to gracefully back out of that situation without leaving a red flag in the Division’s hands would be challenging, to say the least.

The second change is even more serious. Under past Amnesty practice, counsel could assure senior executives that as long as they fully cooperated, they would be protected. Now that advice will often need to be hedged, especially because the Division prefers to proceed under Type B Leniency whenever possible. For Type A Leniency—and a guarantee of protection for senior executives—“the Division [must not]have received information about the illegal activity being reported from any other source.” In practice, that is often a high bar for the applicant. “Any other source” is an exceptionally broad concept. For the more common Type B Leniency, the applicant need simply be first to come in at a time when the Division can’t prove a criminal case. The common scenario, of course, is when the Division issues grand jury subpoenas. In that situation, counsel can no longer promise protection for cooperating executives if the company’s application is granted.

The difficulty of that situation need only be mentioned for it to be appreciated, particularly given the Division’s requirement that full cooperation include cooperation against the company’s individuals as deemed necessary by the Division.

How these changes will play out in practice is hard to predict. Perhaps the Division’s thinking is that they want the standard for a marker to be higher. In practice, it will be—counsel will have to be a long way toward concluding that the application will be perfected before deciding to identify a client. As for the second change, the real proof will be in how the Division exercises the discretion it has now claimed. Perhaps they believe, first, that a company with a criminal problem will choose protection even if it leaves some executives exposed and, second, that they ought to be able to prosecute especially bad actors even if they give the company and some executives a pass.

A President Trump will have authority to reinstate sanctions lifted by the Iran Nuclear Deal as well as revoke certain authorizations provided for business with Iran.

Several economic and geopolitical factors may cause Mr. Trump to reconsider or mitigate his approach to the Iran Nuclear Deal.

Companies should prepare to respond quickly to any changes.

Maybe you’ve seen it before, the series of characters that represents upsetting the whole game, flipping the table:

(╯°□°）╯︵ ┻━┻

These days, where words fail, we have emojis. And here they describe what a President Trump may do to the carefully planned Iran Nuclear Deal. One year after the implementation of the Iran Nuclear Deal (much discussed, at least in our blog), Mr. Trump will take office. At that time, we will see whether his campaign rhetoric against Iran becomes policy action or whether it will be tempered by geopolitical and business realities.

Setting the Table: The Deal as it Stands

On January 16, 2016, the Joint Comprehensive Plan of Action (JCPOA or Iran Nuclear Deal), rolled back U.S. sanctions on non-U.S. countries for doing certain business with Iran. That sanctions reduction provided substantial opportunities for businesses around the world to enter a long-isolated market of 77 million Iranian consumers. In line with the policy increasing business with Iran, the U.S. also provided licenses for U.S. manufacturer Boeing to provide a fleet of new aircraft to Iran to modernize its civil aviation sector.

Can It Be Flipped? The Powers of the New President

During the presidential campaign, Mr. Trump took a strong stance against the deal, repeatedly threatening to walk away from the agreement if elected.

Just as President Obama used his executive authority to effectuate the Iran sanctions reduction, Mr. Trump will have authority to reinstate those measures. Obama issued presidential waivers, revoked executive orders, and removed parties from the Specially Designated Nationals (SDN) List. Once elected, Trump may re-impose many of the alphabet soup of statutes, waived by Obama. As this blog is already two acronyms and one emoji deep, we’ll spare you the details, but many of the statutes simply may be imposed by presidential discretion or determination.

Trump may also essentially reinstate the executive orders Obama revoked by simply issuing new executive orders. As an example, Mr. Trump could use an executive order to rescind General License H, which permits the foreign subsidiaries of U.S. companies to conduct transactions with Iran. Finally, Trump may designate parties to the SDN List via executive order.

Trump may treat the Iran Nuclear Deal like a business contract he dislikes, enforcing the terms so strictly that the terms cannot be met or the other party walks away. If Iran fails to meet its commitments in the Nuclear Deal, the President may “snap back” the sanctions to their pre-2016 state. Trump would have little trouble invoking the snapback provision as, this past November, the International Atomic Energy Agency reported that Iran was already in violation of at least one term of the Deal. President Obama has not snapped back the sanctions, but Mr. Trump may take a stricter approach.

Finally, as president, Mr. Trump may act to actually increase sanctions on Iran. According to a recent report, Trump’s team is examining options to impose non-nuclear sanctions on Iran.

The Big Spill: The Repercussions of Re-imposing Iran Sanctions

Although Trump may have authority to impose or re-impose sanctions, several outside influences may limit his actions. First, Mr. Trump is a business man who has promised American jobs under his administration. If Iran sanctions are reinstated, the licensed Boeing order would be effectively cancelled, which may hurt U.S. manufacturing employment. Additionally, revoking the authorization for U.S.-owned subsidiaries to do business in Iran could also injure American companies with a global presence. Second, the United States’ withdrawal from the Iran Nuclear Deal could damage relations with European and Asian countries who favor business with Iran. Finally, withdrawal does not mean that the other countries subject to the Iran nuclear deal (Russia, China, Germany, Britain, and France) would reimpose their sanctions, giving those countries a distinct advantage over the United States in the potential growth-market in Iran.

The Others at the Table: How a Flip May Affect Your Business

The imposition of Iran sanctions would require companies to breach contracts and wind up current Iran business. However, even if Mr. Trump snaps sanctions back, OFAC guidance states the United States will not apply sanctions retroactively for transactions conducted prior to the snapback.

Key takeaway

We believe it is likely that Mr. Trump will make some show of his anti-Iran leanings in his sanctions policy. However, potential repercussions may cause him to mitigate his approach. We recommend that companies have a clear understanding of their Iran-related conduct so they are well-positioned to act quickly should January 2017 bring as dramatic of a change for business in Iran as January 2016. The one certainty during a Trump presidency is that 2017 will be the year for your compliance department to shine.

Brazilian aircraft manufacturer Embraer SA (“Embraer”) will pay the United States government $205 million to settle allegations that the company violated the Foreign Corrupt Practices Act (“FCPA”) by paying millions in bribes and falsifying accounting records. The United States government asserted that Embraer bribed government officials within the Dominican Republic, Saudi Arabia, and Mozambique with millions of dollars to win government aircraft contracts. The government also alleged Embraer paid millions in falsely recorded payments in India through a fraudulent agency agreement.

Under the settlement with the United States government, Embraer will pay $107 million to the Justice Department under a three-year deferred prosecution agreement (“DPA”), and will pay over $98 million in disgorgement and interest to the Securities and Exchange Commission (“SEC”). As part of the DPA, Embraer admitted to a conspiracy to violate the FCPA’s anti-bribery provisions, the FCPA’s books and records provisions, as well as its willful failure to execute adequate internal accounting controls. As part of the DPA, Embraer agreed to implement numerous corporate compliance measures, including retaining an independent monitor for a three-year term.

In 2008, Embraer paid a Dominican Republic government official $3.52 million to secure the sale of eight military aircrafts to the Dominican Air Force for approximately $92 million, which was paid out to three separate Dominican shell entities. The same year, Embraer paid $800,000 to an official within Mozambique’s state-owned commercial airline, Linhas Aéreas de Moçambique S.A., in connection with the airline’s purchase of two Embraer aircrafts for $65 million. The deal was executed through a false agency agreement with an intermediary that had been designated by the Mozambique official. In 2009, Embraer paid $5.76 million to an agent in India to secure the sale of three specialized military aircrafts for India’s air force; these payments were falsely recorded in Embraer’s books and records as part of an illegitimate consulting agreement. Finally, in 2010 Embraer routed $1.65 million to an official at a Saudi Arabian state–owned and –controlled company to secure the purchase of three aircrafts. Embraer’s total profits from all of these aircraft sales amounted to almost $84 million.

In the DPA, the Justice Department explained that the decision to enter into the DPA and assess a $107 million criminal penalty (20 percent below the bottom of applicable range under the U.S. Sentencing Guidelines) was based on several factors. These factors included Embraer’s failure to disclose the violations, its full cooperation in the government’s investigation once served with a subpoena by the SEC, its inadequate compliance program at the time of the conduct and subsequent intention to design more effective controls, and its failure to engage in full remediation. Specifically, while Embraer did discipline managers and employees involved in the conduct at issue, it did not discipline a senior executive who was aware of bribery discussions as early as 2004 based on email evidence and who had oversight responsibility for the disciplined employees.

Lessons can be learned from Embraer’s recent FCPA settlement. The Justice Department’s DPA noted that Embraer failed to have sufficient internal controls such as requiring adequate due diligence of third party agents and consultants, requiring a fully executed contract with a third party prior to making any payment, or implementing any oversight over the payment process to third parties. Companies should ensure they have robust internal compliance procedures in relation to their interactions with third party agents and consultants to protect against potential FCPA violations.

On Oct. 27, in a vote split along party lines, the Federal Communications Commission (“FCC”) approved a new regulatory regime staking its claim to privacy regulation of both fixed and mobile Internet service providers (“ISPs”) like Comcast, Verizon, and AT&T. The FCC’s rules follow its decision in the Open Internet Order, released last year and analyzed here, to classify broadband Internet access service as a common-carrier telecommunications service. The FCC’s new rules are intended to give consumers control over the ways in which ISPs use and share their customers’ private information. While the FCC has yet to release its Report and Order, the FCC’s Fact Sheet and statements by the commissioners indicate that the new privacy rules in many respects track the proposed rules the FCC put forward earlier this year, which seek to make the FCC the “toughest” privacy regulator in the Internet ecosystem by imposing on ISPs significantly more onerous and restrictive requirements for use and collection of consumer data than the Federal Trade Commission (“FTC”) imposes on its non-ISP competitors.

As we have discussed in previous blog posts covering issues related to privacy, cybersecurity, and enforcement, the FCC’s new rules reflect ongoing efforts by federal agencies to assert jurisdiction over privacy regulation of the Internet ecosystem, sometimes in parallel but often at odds with one another. These compound and conflicting regulations result in heightened risk, compliance costs, and uncertainty, in addition to potential competitive imbalances for industry. They also result in confusion for consumers about what information concerning themselves and their online habits is and is not protected, and by whom.

Historically, the FTC has been the country’s leading privacy regulator of the Internet ecosystem. The FTC relies on its broad jurisdictional mandate to regulate “unfair and deceptive trade practices” to enforce a privacy regime applicable to websites, applications, web browsers, search engines, social networks, and other “edge providers” that collect consumer data like Google and Netflix. And, while the FTC’s jurisdiction likely does not extend to common-carrier ISPs who collect consumer data, it regulates others in the Internet ecosystem who compete directly with ISPs in the online advertising market.

The FCC’s new rules share characteristics with the FTC’s long-standing regulation in this space, including requiring fixed ISPs and mobile data carriers that offer broadband services to obtain affirmative “opt-in” consent from consumers prior to using, sharing, or selling sensitive information. The FCC’s definition of “sensitive information,” however, is far more expansive than the FTC’s definition and includes geo-location information, web browsing and app usage history, in addition to the health and financial information considered sensitive by the FTC. Consumers will have the option to “opt-out” and prevent ISPs from using and sharing “non-sensitive” individually identifiable customer information as well. The rules also require ISPs to provide customers with information about their collection, use, and sharing of consumer data and to comply with additional protocols to protect consumer information. Finally, the rules require that ISPs adhere to new notification protocols in the event of a data breach that includes consumer information, providing notice to affected customers no later than 30 days after reasonable determination of a breach, and notice to the FCC, Federal Bureau of Investigation, and U.S. Secret Service within 7 days if the breach affects more than 5,000 customers, a much shorter timeline than any other federal or state data breach notification requirement.

The FCC’s heightened privacy regulatory regime for ISPs likely will require significant changes (at significant cost) to many ISPs’ handling, storage, and use of customer information, as well as their marketing practices, privacy policies, data protection standards, systems and protocols and breach-notification requirements. But that regime may fall short of meeting the FCC’s lofty promise that consumers will enjoy the “meaningful choice” that “they deserve,” and may even harm the consumers the FCC intends to protect.

First, the rules reach ISPs only, who only represent a subset of the players in the Internet ecosystem who have access to consumer data and compete in the multi-billion dollar market for that information. And the rules subject ISPs to vastly more stringent regulation than their non-ISP (or “edge”) competitors, even though edge providers collect and use significantly more consumer information than do ISPs. The “meaningful choice” the FCC seeks to empower thus stops at the Internet connection. As soon as consumers use the connections provided by their ISPs to access non-ISP browsers, websites, apps, search engines, social networks, video streaming sites—virtually the entire Internet—the FCC’s protections fall away (at least with respect to the sites consumers access). As Commissioner Ajit Pai observed in his statement dissenting from the FCC’s order, “those who have more insight into consumer behavior (edge providers) will be subject to more lenient regulation than those who have less insight (ISPs).” Nothing in the new rules will stop edge providers from using consumer data not deemed “sensitive” by the FTC to profit from targeted advertising and the ability to provide consumers supplemental benefits or products. The FCC’s new framework requires “opt in” consent before ISPs could use and profit from the same kinds of information, which consumers understandably are loathe to provide in an era of seemingly endless email hacks and data breaches. As a result, ISPs will either (a) be locked out of this market for consumer data, or (b) be forced to offer financial incentives to their customers to obtain their opt-in consent. Either way, this approach gives edge providers an unfair competitive advantage, arguably without creating any concrete consumer benefits.

Second, Chairman Wheeler’s assertion that the new rules represent a “significant step to safeguard consumer privacy in this time of rapid technological change” may mislead consumers into believing their data is secure when it is not. The Fact Sheet does not explain to consumers that, while ISPs will no longer be permitted to monitor their customers’ web browsing history without consent, that same browsing history will continue to be mined, used and sold by search engine providers, social media websites and other Internet destinations. Even when a consumer opts out of sharing sensitive information with his or her ISP, that consumer will still receive targeted advertising derived from Internet use data collected by non-ISP edge providers. Thus, while the FCC’s strict regulation of ISP data collection and use practices may be well-intended, the narrow limits of FCC jurisdiction mean that the Commission simply cannot deliver on its promises of heightened consumer privacy across the Internet ecosystem. It remains to be seen whether the FCC’s final Report and Order will clearly and transparently signal the limits of the protections it seeks to offer. If not, the rules risk lulling consumers into a false sense of privacy, or creating confusion about who is accessing their information and for what purposes, undermining the consumer protections the rules promise.

It is possible that the FCC is betting that the FTC will follow suit and impose a similar regime on the edge providers it regulates. However, such a bet seems ill-considered and speculative at best, as such a shift by the FTC appears highly unlikely any time soon.

As a result, when the new FCC rules take effect, very little will change for American consumers. Their online behavior will continue to be tracked, harvested and monetized by companies of all kinds . . . except ISPs. The FCC’s new rules simply mean that the same consumer information will be subject to different standards depending upon which agency regulates the company collecting it.

We will provide an update on these issues after the FCC releases the underlying Report and Order that is the source for the FCC’s Fact Sheet on these important issues.

Non-U.S. banks can do business with Iran and continue their relationships with U.S. banks.

Non-U.S. companies may use proceeds from Iran transactions more freely, including in the United States.

OFAC draws a clearer line with respect to the use of Iran-related funds.

After the Iran nuclear agreement, as non-U.S. companies entered into newly-permitted business in Iran, they faced the difficult question of where they could put the money from their Iran business. U.S. law still prohibits U.S. persons (including U.S. banks) from conducting most business with Iran. Among other rules, OFAC regulations and guidance provided that “Iran-related” funds could not transit the U.S. financial system. But the guidance did not state clearly what constituted “Iran-related” funds. For that reason, foreign financial institutions (FFIs) hesitated, even feared, to process Iran-related transactions because of the risks of sending Iran-related funds into the U.S. financial system in violation of U.S. sanctions. However, a new clarification in the OFAC guidance could change all of that (and change it in the way we proposed right here in this blog[1]).

The Change

On October 7, 2016, OFAC amended one phrase in FAQ C-15 of its Frequently Asked Questions on the implementation of the Iran nuclear agreement. Previously, the FAQ read as follows:

It remains prohibited, however, for non-U.S. financial institutions to route Iran-related transactions through U.S. financial institutions or involve U.S. persons in such transactions, unless the transactions are exempt from regulation or authorized by OFAC.

As of October 7, 2016, that sentence has been revised to read as follows:

It remains prohibited, however, for non-U.S. financial institutions to route transactions involving Iran to or through the U.S. financial system, or involve U.S. persons in such transactions, unless the transactions are exempt from regulation or authorized by OFAC.

[Emphasis definitely added by us.]

Did you see what they did there?[2] By changing the phrase “Iran-related transactions” to “transactions involving Iran,” OFAC has established a much brighter line by which FFIs and non-U.S. companies can determine whether Iran-related funds are permitted enter the U.S. system. The elegant simplicity with which OFAC has drawn that line (only three little words!) merits the admiration of legal drafters everywhere.

The Implications

Prior to the OFAC guidance change, an FFI holding an account containing proceeds from a transaction in Iran could not be certain whether it could process those funds through the U.S. system. Additionally, it was unclear whether the Iran-related proceeds would taint the rest of the funds in the account so that no funds in that account could transit the U.S. banking system.

Under the new guidance, it is clear that where a transaction does not involve Iran or persons in Iran, OFAC’s policy is that the funds involved in that transaction may transit the U.S. system. Thus, in our view, if a transaction is complete and the only connection to Iran is that funds in an account were derived from an Iranian transaction, it is permissible for those funds to transit the U.S. financial system. The funds can be exchanged for U.S. dollars, spent on U.S. goods, or paid to U.S. persons for goods and services, so long as those goods or services are not intended for Iran.

We caution that the transaction must legitimately not involve Iran, so the Bank must have systems in place to prevent transactions actually involving Iran from transiting the U.S. system. Of course, the United States can be expected to investigate and strongly penalize activity in which a transaction is set up to appear as if it does not involve Iran, but effectively permits Iran or persons in Iran to make use of the U.S. system.

The Next Steps

If your business involves Iran, this is your first agenda item at the next meeting with your bank. If you have lawful business in Iran and you hold the proceeds of that business in an account with an FFI, you may now provide comfort to your bank that those funds are yours to spend as you please. The transactions you undertake with those funds that do not involve Iran may involve U.S. persons and may use the U.S. banking system. Iran is still effectively barred from using the U.S. banking system, but you are not.

If you are an FFI, you have the opportunity to support and finance all the non-U.S. companies that are champing at the bit to lawfully enter an untapped market of more than 77 million people. You will, of course, need to undertake due diligence measures to ensure that fraudulent transactions do not put you at risk of routing “transactions involving Iran” through the United States. However, we believe FFIs can take these three little words from OFAC as an invitation to join the effort to open business in Iran and open Iran for business.

[1] With the readers’ permission, we will go on and, as the poet suggests, brush our shoulders off.

[2] Well, yeah, probably so. That’s why we added the emphasis. In fact, in every instance in the FAQ of the phrase “Iran-related transaction,” it has been changed to “transaction involving Iran.”

The UK people have voted to leave the European Union. Although there is no constitutional duty to leave the Union as a result, politically this is likely going to happen. Change will not be immediate and happen over time.

Companies are well advised to react quickly to assess the impact Brexit might have on their business and current commercial decisions involving the UK if they have not already done so.

The Process to Exit

Britain’s exit from the EU will be triggered by notice the UK submits under Article 50 of the Treaty on the European Union. That notice will start a two year period within which the EU and UK will negotiate the UK exit. That period can be extended by unanimous decision by all remaining Member States. Once the two sides reach an agreement, or when the two-year period expires, the UK will lose its rights and obligations under EU Treaties. Undoubtedly, the biggest impact on global business will be that the rules of free trade between the UK and the remaining twenty-seven EU Member States will be terminated. This will occur unless the two sides negotiate a special deal and that deal is approved by the unanimous consent of all remaining member states.

Companies in the UK, as well as those doing business with the UK, will use that time of negotiation to assess carefully what Brexit will mean for their businesses. Below, we address six of the questions those companies may face.

Changes to Competition Law Compliance Obligations

In terms of European competition law this will only so long apply directly in the UK as the UK is bound by the European Treaties. This will end with a complete Brexit. Currently, the UK competition rules, are already modelled to a large extent on the equivalent EU rules. There will unlikely be a major change in the near future. However, because the UK will no longer be bound by European Union treaties after it exits the EU, UK competition law will no longer be obligated to conform to the EU system. When the UK law is decoupled from that of the EU, but with both systems running in parallel the two systems are bound to diverge. With EU law no longer being superior, any decisions taken in Brussels will no longer have a binding effect in the UK, nor will precedents set by European Courts.

Enforcement of competition law in the UK will be the sole responsibility of the Competition and Markets Authority which will only apply UK law. For cartel or abuse of dominance investigations there will no longer be a one-stop shop for companies, which might have to respond to both the UK and the European authorities. This will increase those companies’ regulatory burden and costs. In the worst case, that separation could trigger two sets of fines.

There is also a possibility that transactions will have to be notified in the EU as well as the UK and commercial activity will have to be assessed under both the EU merger rules and as well as the UK rules if both jurisdictions are equally affected. This might mean two different sets of waiting periods and/or remedies.

Additionally, claimants in antitrust damages actions may no longer be able to rely on Commission enforcement decisions to prove the infringement in front of UK courts. That change may make the UK courts a less attractive forum in the post-Brexit world.

In order to advise on European law lawyers have to be qualified in one of the EU Members States (which all our attorneys are). Obtaining advice from a UK lawyer will not necessarily give you attorney-advice privilege under the European rules.

The UK would be free to provide grants and state funding to companies without being subject to the constraints of EU State aid rules as there is no equivalent at UK national level. Of course, there could be changes to existing frameworks for EU economic support for agriculture, business start-up or regeneration of regions in the UK. In the absence of detailed regulation this could lead to less ability to challenge a state aid in the UK and we would expect new, potentially different rules to be put in place which again require parallel proceedings.

Potential Barriers to Business Between Europe and the UK

Businesses in the UK may face further restrictions if the free movement rules of the EU, those that apply to goods, workers, services, capital and establishment, no longer apply in the UK. For example, after the exit, UK workers may no longer have a guaranteed right to freely work in Europe on the basis of the free movement rules formerly applicable to services and persons. It is also possible that EU citizens, in turn, will lose their right to establish themselves in the UK: to take up a job or offer their services without a form of work permit or visa.

There is some chance that an EU-UK trade deal includes new rights of free movement of services and persons. However, unless and until such a trade deal is signed, businesses in the EU and UK should prepare for the restrictions.

Currently English law is often used as the governing law in commercial contracts. UK courts have a strong reputation for resolving international disputes and, therefore, are often the venue of choice for such contracts. The exit of Britain from the EU raises uncertainty as to whether and to what extent English law will be based on or derived from EU regulations and rules. A disconnect between English law and EU regulations may mean that companies find a new forum in which to settle their contract disagreements. English is now also widely spoken across the EU. However, the attraction of the long tradition of the English legal system will not disappear overnight.

Effects on Product Qualification and Industry

The EU comprises the world’s largest single market. In order to maintain its access and to trade goods in that market, however, the UK must remain subscribed to the relevant legal frameworks. For instance, companies in the UK may not sell electrical goods or pharmaceuticals into the EU unless those products meet the EU product standards for electrical goods and pharmaceuticals. Brexit will not change that. Conversely, EU companies selling into the UK could continue to do so on the basis of common EU standards unless the UK decides to develop its own (stricter) product specifications. Businesses will likely produce their products along the stricter standards of the UK or (more likely) the EU and only adjust where this makes commercial sense.

Far-reaching EU regulatory harmonization is apparent in relation to certain industries such as financial services, digital, energy or chemicals. After the exit is finalized, that harmonized regulation would cease to apply in the UK and a review process would need to be put in place to determine which laws (implementing sector-specific rules) the UK chooses to keep, remove or modify. That review may lead to legal uncertainty in the interim period and finally to different regulatory regimes of EU and UK. While less regulation in the UK might be beneficial for certain businesses it will likely increase the burden on compliance departments and in-house lawyers.

Potential Responses for Global Business

To assess the potential impacts of Brexit in terms of possible risks and opportunities, your company should ask itself:

Is there any business action involving the EU and the UK which we want to push through before any major changes take place?

How can we obtain maximum legal certainty in doing so (e.g. reps & warranties or force majeure clause in contractual arrangements)?

Does Brexit potentially give me more freedom to do business in the UK?

Can my business remain competitive and attractive in the EU? in the UK?

Will I have access to finance in a UK if the country’s debt loses its AAA rating?

Will I be able to travel, work, and employ as before in the UK?

Is our workforce active in EU member states?

From where can I now recruit the best people?

Do I want to hedge the risk of the UK becoming more isolated and open a subsidiary in the EU?

Who are our customers and suppliers?

Where are they based?

What effect will their location have on my supply and delivery chains?

Which EU technical standards apply to my products or sector?

Are businesses we are considering for purchase or sale active in the UK? In the EU? In both?

To what extent do we rely on EU grants or subsidies?

Which regulatory regimes and reporting requirements will be impacted?

We recommend that companies seek competent advice as they sift through these questions in the coming weeks and months. The planning they do now may keep their businesses steady as the shockwaves from yesterday’s vote ripple through the world economy.